ldapadd error: what does "additional info: objectClass: value #2 invalid per syntax" mean?

I am trying to migrate from an Active Directory Windows server to OpenLDAP, and I ran into a problem while importing the .ldif database exported from AD into my new OpenLDAP! When I try to run: ldapmodify -Y EXTERNAL -H ldapi:/// -f exportuser.ldf I get:

dn:dc=si,dc=infra
changetype: add
objectClass: top
objectClass: domain
objectClass: domainDNS
distinguishedName: DC=si,DC=infra
instanceType: 5
whenCreated: 20140903112404.0Z
whenChanged: 20200710114957.0Z
subRefs: DC=ForestDnsZones,DC=si,DC=infra
subRefs: DC=DomainDnsZones,DC=si,DC=infra
subRefs: CN=Configuration,DC=si,DC=infra
uSNCreated: 4099
dSASignature:: AQAAACgAAAAAAAAAAAAAAAAAAAAAAAAAFZdkFLMGb0aPv8u9xkFAiw==
uSNChanged: 88191049
name: si
objectGUID:: L2ettnpuxEaavgfWpC5gUQ==
replUpToDateVector::
 AgAAAAAAAAACAAAAAAAAALYFYZL5tldLkiHao/eeT83zVwEAAAAAAEk0WhMDAAAApyK1m7cRj0mRdN
 me/PB53MzDDAAAAAAAiiEFDwMAAAA=
creationTime: 132388553973680553
forceLogoff: -9223372036854775808

Please help. ???

Answer 1

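You are trying to import an entry with an object class value that does not exist in the subschema of your OpenLDAP server.

You cannot migrate from MS AD to OpenLDAP without importing a large amount of MS AD schema. But even if you add the schema, you would need other components that actually make use of it. In this particular case you would need a DNS server that pulls DNS RRs from the MS AD proprietary LDAP attributes.

A better option might be to migrate to Samba 4 in Active Directory mode, which should be a replacement for MS AD.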
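
A pre-flight check for the schema mismatch described in the answer, added here as an example (it is not part of the original answer). It lists every objectClass value in an LDIF that the target server's subschema does not define, numbered from zero as the ldapadd message numbers them, so value #2 in the question's entry is domainDNS. The subschema lines and the second LDIF entry are constructed samples, and the function names are hypothetical; on a real server the objectClasses values would be read from its subschema entry (cn=Subschema on OpenLDAP).

```python
import re

# Constructed sample of `objectClasses` values as returned by the target
# server's subschema entry (abbreviated definitions, for illustration only).
SUBSCHEMA_SAMPLE = """\
objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCTURAL MUST dc )
objectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) )
"""

# Constructed LDIF, shaped like the AD export in the question.
LDIF_SAMPLE = """\
dn:dc=si,dc=infra
changetype: add
objectClass: top
objectClass: domain
objectClass: domainDNS
name: si

dn: CN=Users,DC=si,DC=infra
changetype: add
objectClass: top
objectClass: container
"""

def known_classes(subschema_text):
    """Collect every NAME (single or parenthesised list) from objectClasses lines."""
    names = set()
    for m in re.finditer(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))", subschema_text):
        names.update(n.lower() for n in re.findall(r"[\w;-]+", m.group(1) or m.group(2)))
    return names

def unknown_object_classes(ldif_text, known):
    """Return (dn, zero-based value index, class) for classes the server lacks."""
    findings = []
    for block in re.split(r"\n\s*\n", ldif_text.strip()):
        lines = re.sub(r"\n ", "", block).splitlines()  # unfold continuation lines
        dn = next((l[3:].strip() for l in lines if l.lower().startswith("dn:")), "?")
        values = [l.split(":", 1)[1].strip() for l in lines
                  if l.lower().startswith("objectclass:")]
        findings += [(dn, i, v) for i, v in enumerate(values) if v.lower() not in known]
    return findings

if __name__ == "__main__":
    for dn, idx, oc in unknown_object_classes(LDIF_SAMPLE, known_classes(SUBSCHEMA_SAMPLE)):
        print(f"{dn}: objectClass value #{idx} ({oc}) is not in the server schema")
```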
